UScellular, the fourth-largest wireless carrier in the USA with 4.9 million customers, has been hacked.
Retail store employees were scammed into downloading software onto a computer, which allowed an attacker to access the computer remotely. Because the employee was already logged in to the company’s CRM system, the attacker gained access to its records.
According to the UScellular “Notice of Data Breach”, the information involved in the data breach includes customer names, addresses, PIN codes and cellular telephone numbers, as well as information about the customer’s wireless services, such as the service plan, usage and billing statements.
The good thing is that more sensitive information like Social Security Numbers and credit card information was masked within the CRM system and could not be obtained by the attacker.
This is by no means a sophisticated attack. The attacker only needed to trick the user into downloading the malicious software onto the company computer.
Such attacks emphasize the need for stronger controls on company endpoints that prevent the download and execution of unauthorized software, network controls that prohibit the use of unwanted communication protocols, better anti-phishing controls, and more effective user security awareness training.